Transparent Redirect

The following sub-sections will outline the various API methods present in the Merchant Warrior Transparent Redirect

Endpoints

Sandbox
POST https://api.merchantwarrior.com/transfer/ Copy

Production
POST https://base.merchantwarrior.com/transfer/ Copy

Introduction

The Transparent Redirect (also referred to as a Direct POST) service allows merchants to host and customize a secure hosted payment page themselves, whilst assisting in reducing the scope of PCI DSS compliance.

Merchants who do not wish to store, process or transmit credit card (PAN) will be able to achieve this with this service.

Requests are generated via a form presented to the customer's browser.

You can download sample material here for examples.

getAccessToken

The getAccessToken method generates a one time access token to be used with transactions

Required Parameters

Parameter Description
method

This field is case sensitive.
Example: getAccessToken

merchantUUID

The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd

apiKey

The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

hash

The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. This parameter is not required if you are generating an Access Token for use with the Transparent Redirect addCard method.
Example: e9ddc296b76b3398934bfc06239073df
Valid Length: 32 characters

urlHash

The urlHash field is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters

Copy
curl -X POST \
  -d method="getAccessToken" \
  -d merchantUUID="5265f8eed6a19" \
  -d apiKey="ksmnwxab" \
  -d hash="f518187f47bc52fe5a76a18593df72c9" \
  -d urlHash="49713da3df889c861c5643107af9dcde" https://api.merchantwarrior.com/transfer/
curl -X POST -d method="getAccessToken" -d merchantUUID="5265f8eed6a19" -d apiKey="ksmnwxab" -d hash="f518187f47bc52fe5a76a18593df72c9" -d urlHash="49713da3df889c861c5643107af9dcde" https://api.merchantwarrior.com/transfer/
require 'net/http'
require 'uri'

uri = URI.parse("https://api.merchantwarrior.com/transfer/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
  'method' => 'getAccessToken',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' => '49713da3df889c861c5643107af9dcde'
)

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
  http.request(request)
end

puts response.body
require 'net/http' require 'uri' uri = URI.parse("https://api.merchantwarrior.com/transfer/") request = Net::HTTP::Post.new(uri) request.set_form_data( 'method' => 'getAccessToken', 'merchantUUID' => '5265f8eed6a19', 'apiKey' => 'ksmnwxab', 'hash' => 'f518187f47bc52fe5a76a18593df72c9', 'urlHash' => '49713da3df889c861c5643107af9dcde' ) response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http| http.request(request) end puts response.body
import requests

data = {
  'method' : 'getAccessToken',
  'merchantUUID' : '5265f8eed6a19',
  'apiKey' : 'ksmnwxab',
  'hash' : 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' : '49713da3df889c861c5643107af9dcde'
}

r = requests.post('https://api.merchantwarrior.com/transfer/', data = data)

print(r.text)
import requests data = { 'method' : 'getAccessToken', 'merchantUUID' : '5265f8eed6a19', 'apiKey' : 'ksmnwxab', 'hash' : 'f518187f47bc52fe5a76a18593df72c9', 'urlHash' : '49713da3df889c861c5643107af9dcde' } r = requests.post('https://api.merchantwarrior.com/transfer/', data = data) print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/transfer/');

// Setup POST data
$postData = array (
  'method' => 'getAccessToken',
  'merchantUUID' => '5265f8eed6a19',
  'apiKey' => 'ksmnwxab',
  'hash' => 'f518187f47bc52fe5a76a18593df72c9',
  'urlHash' => '49713da3df889c861c5643107af9dcde'
);

// Setup CURL defaults
$curl = curl_init();

// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));

// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);

// Check for CURL errors
if (isset($error) && strlen($error)) {
	throw new Exception("CURL Error: {$error}");
}

// Parse the XML
$xml = simplexml_load_string($response);

// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;

// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;

// Make the response a little more useable
$result = array (
	'status' => $status, 
	'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
	'responseData' => $xml
);

exit(var_dump($result));
?>
'getAccessToken', 'merchantUUID' => '5265f8eed6a19', 'apiKey' => 'ksmnwxab', 'hash' => 'f518187f47bc52fe5a76a18593df72c9', 'urlHash' => '49713da3df889c861c5643107af9dcde' ); // Setup CURL defaults $curl = curl_init(); // Setup CURL params for this request curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&')); // Run CURL $response = curl_exec($curl); $error = curl_error($curl); // Check for CURL errors if (isset($error) && strlen($error)) { throw new Exception("CURL Error: {$error}"); } // Parse the XML $xml = simplexml_load_string($response); // Convert the result from a SimpleXMLObject into an array $xml = (array)$xml; // Validate the response - the only successful code is 0 $status = ((int)$xml['responseCode'] === 0) ? true : false; // Make the response a little more useable $result = array ( 'status' => $status, 'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null), 'responseData' => $xml ); exit(var_dump($result)); ?>
using System;
using System.Collections.Generic;
using System.Linq;

public class Program {
    public static void Main(string[] args) {
        using(var client = new System.Net.WebClient()) {
            byte[] response = client.UploadValues("https://api.merchantwarrior.com/transfer/", 
                    new System.Collections.Specialized.NameValueCollection() {
                        { "method", "getAccessToken" },
                        { "merchantUUID", "578dd399d2373" },
                        { "apiKey", "dyqxkzse" },
                        { "hash", "f518187f47bc52fe5a76a18593df72c9" },
                        { "urlHash", "49713da3df889c861c5643107af9dcde" },
                    });
            String result = System.Text.Encoding.Default.GetString(response);
            Console.WriteLine(result);
		    }
    }
}
using System; using System.Collections.Generic; using System.Linq; public class Program { public static void Main(string[] args) { using(var client = new System.Net.WebClient()) { byte[] response = client.UploadValues("https://api.merchantwarrior.com/transfer/", new System.Collections.Specialized.NameValueCollection() { { "method", "getAccessToken" }, { "merchantUUID", "578dd399d2373" }, { "apiKey", "dyqxkzse" }, { "hash", "f518187f47bc52fe5a76a18593df72c9" }, { "urlHash", "49713da3df889c861c5643107af9dcde" }, }); String result = System.Text.Encoding.Default.GetString(response); Console.WriteLine(result); } } }
Imports System
Imports System.Collections.Generic
Imports System.Linq

Public Module Program
    Public Sub Main(args As String())
        Using client = New System.Net.WebClient()
            Dim response As Byte() = client.UploadValues(
            "https://api.merchantwarrior.com/transfer/", 
            New System.Collections.Specialized.NameValueCollection() From { _
                {"method", "getAccessToken"}, _
                {"merchantUUID", "578dd399d2373"}, _
                {"apiKey", "dyqxkzse"}, _
                {"hash", "f518187f47bc52fe5a76a18593df72c9"}, _
                {"urlHash", "49713da3df889c861c5643107af9dcde"} _
            })
            Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
            Console.WriteLine(result)
        End Using
    End Sub
End Module
Imports System Imports System.Collections.Generic Imports System.Linq Public Module Program Public Sub Main(args As String()) Using client = New System.Net.WebClient() Dim response As Byte() = client.UploadValues( "https://api.merchantwarrior.com/transfer/", New System.Collections.Specialized.NameValueCollection() From { _ {"method", "getAccessToken"}, _ {"merchantUUID", "578dd399d2373"}, _ {"apiKey", "dyqxkzse"}, _ {"hash", "f518187f47bc52fe5a76a18593df72c9"}, _ {"urlHash", "49713da3df889c861c5643107af9dcde"} _ }) Dim result As [String] = System.Text.Encoding.[Default].GetString(response) Console.WriteLine(result) End Using End Sub End Module
import java.io.*;
import java.net.*;
import java.util.*;

public class Program{

    public static void main(String[] args) {
        try{
            URL url = new URL("https://api.merchantwarrior.com/transfer/");
            Map<String, String> params = new LinkedHashMap<>();
            params.put("method", "getAccessToken");
            params.put("merchantUUID", "5265f8eed6a19");
            params.put("apiKey", "ksmnwxab");         
            params.put("hash", "b55552ff426d7e3d4885465d27ea0062");
			params.put("urlHash", "49713da3df889c861c5643107af9dcde");
            
            StringBuilder postData = new StringBuilder();
            for (Map.Entry<String, String> param : params.entrySet()) {
              if (postData.length() != 0) 
                postData.append('&');
                postData.append(param.getKey());
                postData.append('=');
                postData.append(param.getValue());
            }
            HttpURLConnection conn = (HttpURLConnection)url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            conn.setDoOutput(true);
            
            OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
            writer.write(postData.toString());
            writer.flush();
            
            BufferedReader reader = new BufferedReader(
            	new InputStreamReader(conn.getInputStream()));
            String line;
            StringBuilder sb = new StringBuilder();
            while((line = reader.readLine()) != null){
            	sb.append(line);
            }
            System.out.println(sb.toString());
            writer.close();
            reader.close();
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }
    
}
import java.io.*; import java.net.*; import java.util.*; public class Program{ public static void main(String[] args) { try{ URL url = new URL("https://api.merchantwarrior.com/transfer/"); Map params = new LinkedHashMap<>(); params.put("method", "getAccessToken"); params.put("merchantUUID", "5265f8eed6a19"); params.put("apiKey", "ksmnwxab"); params.put("hash", "b55552ff426d7e3d4885465d27ea0062"); params.put("urlHash", "49713da3df889c861c5643107af9dcde"); StringBuilder postData = new StringBuilder(); for (Map.Entry param : params.entrySet()) { if (postData.length() != 0) postData.append('&'); postData.append(param.getKey()); postData.append('='); postData.append(param.getValue()); } HttpURLConnection conn = (HttpURLConnection)url.openConnection(); conn.setRequestMethod("POST"); conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); conn.setDoOutput(true); OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream()); writer.write(postData.toString()); writer.flush(); BufferedReader reader = new BufferedReader( new InputStreamReader(conn.getInputStream())); String line; StringBuilder sb = new StringBuilder(); while((line = reader.readLine()) != null){ sb.append(line); } System.out.println(sb.toString()); writer.close(); reader.close(); } catch(Exception ex){ ex.printStackTrace(); } } }
Copy
<?xml version="1.0"?>
<mwResponse>
  <responseCode>0</responseCode>
  <responseMessage>Operation successful</responseMessage>
  <token>578de10d9a</token>
</mwResponse>
0 Operation successful 578de10d9a
{
    "responseCode": "0",
    "responseMessage": "Operation successful",
    "token": "578de10d9a"
}
{ "responseCode": "0", "responseMessage": "Operation successful", "token": "578de10d9a" }
processCard

The processCard method is the method used to perform a purchase request

Required Parameters

Parameter Description
method

This field is case sensitive.
Example: processCard

merchantUUID

The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd

apiKey

The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

transactionAmount

The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00

transactionCurrency

One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD

transactionProduct

A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.

returnURL

The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php

notifyURL

Asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php

urlHash

The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters

hashSalt

Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

customerName

This field can only contain alphanumeric characters, as well as the full stop and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters

customerCountry

Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters

customerState

Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters

customerCity

Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters

customerAddress

Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters

customerPostCode

This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters

paymentCardNumber

Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678).
Example: 5123456789012346 or 4557012345678902
Valid length: Between 13 and 16 digits

paymentCardExpiry

This must be MMYY format. The month must be zero padded if it is less than 10.
Example: 0513
Valid length: 4 digits

paymentCardName

This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 255 characters

hash

The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters

Optional Parameters

Parameter Description
transactionReferenceID

This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

customerPhone

Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters

customerEmail

Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters

customerIP

Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters

storeID

The value of this field is the merchant's store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

paymentCardCSC

This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information.
Example: 123
Valid length: Between 3 and 4 characters

addCard

This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction.
Example: 1
Valid Length: 1 digit

custom1

Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters

custom2

Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters

custom3

Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

processAuth

The processAuth method is used to perform a pre-authorization request

Required Parameters

Parameter Description
method

This field is case sensitive.
Example: processAuth

merchantUUID

The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd

apiKey

The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

accessToken

The value returned by the getAccessToken method.
Example: 578de10d9a

transactionAmount

The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected.
Example: 10.00

transactionCurrency

One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive.
Example: AUD

transactionProduct

A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes.
Example: ABC4321
Valid length: Up to 255 characters. Some Acquirers limit this field to 40 characters.

returnURL

The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php

notifyURL

Asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php

urlHash

The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters

hashSalt

Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

customerName

This field can only contain alphanumeric characters, as well as the full stop and hyphen characters.
Example: Mr. Example Person
Valid length: Between 2 and 255 characters

customerCountry

Two letter ISO 3166-1 alpha-2 country code.
Example: AU
Valid length: 2 characters

customerState

Freeform field, keep consistent for your records and reporting.
Example: Queensland
Valid length: Up to 75 characters

customerCity

Freeform field, keep consistent for your records and reporting.
Example: Brisbane
Valid length: Up to 75 characters

customerAddress

Freeform field.
Example: 123 Test Street
Valid length: Up to 255 characters

customerPostCode

This can also accomodate ZIP/Post codes for international transactions.
Example: 4000
Valid length: Between 4 and 10 characters

paymentCardNumber

Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678).
Example: 5123456789012346 or 4557012345678902
Valid length: Between 13 and 16 digits

paymentCardExpiry

This must be MMYY format. The month must be zero padded if it is less than 10.
Example: 0513
Valid length: 4 digits

paymentCardName

This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 255 characters

hash

The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly.
Example: e9ddc296b76b3398934bfc06239073df
Valid length: 32 characters

Optional Parameters

Parameter Description
transactionReferenceID

This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received.
Example: A257240023321
Valid length: Up to 40 characters

customerPhone

Anything other than +,-, space and 0-9 will be stripped.
Example: 0401234567 or 61731234567
Valid length: Up to 25 characters

customerEmail

Sending this optional parameter is highly recommended.
Example: [email protected]
Valid length: Up to 255 characters

customerIP

Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended.
Example: 123.456.789.012 or 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Valid length: Up to 39 characters

storeID

The value of this field is the merchant's store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter.
Example: Test store name

paymentCardCSC

This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information.
Example: 123
Valid length: Between 3 and 4 characters

addCard

This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction.
Example: 1
Valid Length: 1 digit

custom1

Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters

custom2

Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters

custom3

Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters

addCard

Required Parameters

Parameter Description
merchantUUID

The value of this parameter is provided to you by Merchant Warrior.
Example: 123456789abcd

apiKey

The value of this parameter is provided to you by Merchant Warrior.
Example: 1a3b5c

accessToken

The value returned by the getAccessToken method.
Example: 578de10d9a

paymentCardName

This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed.
Example: Mr. Example Person or MR E PERSON or Example Person
Valid length: Between 3 and 255 characters

paymentCardNumber

Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678).
Example: 5123456789012346 or 4557012345678902
Valid length: Between 13 and 16 digits

paymentCardExpiry

This must be MMYY format. The month must be zero padded if it is less than 10.
Example: 0513
Valid length: 4 digits

returnURL

The customer will be redirected to this URL upon completion of the transaction.
Example: https://www.example.com/return.php

notifyURL

Asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters.
Example: https://www.example.com/notify.php

urlHash

The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly.
Example: Queensland
Valid Length: Up to 32 characters

hashSalt

Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction.
Example: 3x4mpl3s4lt!

Optional Parameters

Parameter Description
custom1

Freeform field. Returned as <custom1> in the XML response.
Valid length: Up to 500 characters

custom2

Freeform field. Returned as <custom2> in the XML response.
Valid length: Up to 500 characters

custom3

Freeform field. Returned as <custom3> in the XML response.
Valid length: Up to 500 characters